Ugh... Registry keys & Login Scripts

[htcs]

Using NT4 domain, Win XP Clients - have login scripts that run the following command:

regedit /s \\server\netlogin\reg\ssaver.reg

ssaver.reg has the following:

Windows Registry Editor Version 5.00

[HKEY_USERS\.DEFAULT\Control Panel\Desktop]
"PowerOffActive"="1"
"PowerOffTimeOut"="1200"
"ScreenSaveActive"="1"
"ScreenSaverIsSecure"="1"
"ScreenSaveTimeOut"="300"
"SCRNSAVE.EXE"="logon.scr"

[HEKY_USERS\.DEFAULT\Control Panel\PowerCfg]
"CurrentPowerPolicy"="0"


Pretty much this enables the screen saver at the logon screen and allows the monitor to power off as well.

The script runs - but the keys in the registry don't change! Happens on all systems even with admin rights.

I have other registry items i've created and they seem to work just fine.

Any ideas as to what i'm doing wrong?

 

[evelmunkey]

I will look at some login scripts when I get home.

 

[evelmunkey]

Seems like the script would work, as far as I can tell everything is correct. I would double check that you can access that path from that box with the desired user. When you say the user has admin rights, is that admin of that machine or network admin rights? My guess is the user doesnt have access to the folder that script is in. Try putting some checks in there to see how far it is getting. For example, if you have a bat file that calls this file put in a pause before this reg file is called and then take off the /s so you can see it run and maybe put a pause after. Let me know more info...

 

[htcs]

The script files is running - when i have regedit open and run the script from the command prompt manually, i can see the regedit window 'refresh' and if i change the values of other reg tweaks, i can see the values change once the script is run. Its only this specific one that just won't do it!!!

The users have admin rights on their local machines. These scripts are done so that its as if the user is running the programs directly from their machines - not the server.

Thinking more about this... this isn't really a script problem since that is running. Its the fact that the reg file will not add its values into the registry for that particular key(s).

I can't seem to think of any other information you would need... if you know of something that you would need to know that i don't right now... let me know so i can find out and let you know what else you needed to know! AIR!!! :amazed:
(first day off cigarettes... kinda don't know what i'm talking about ).


Really appreciate your interest in helping! Thanks in advance.

 

[evelmunkey]

I have been reading some info on this subject and it seems that windows update made it so this can not happen. It appears that an attack could be launched by allowing a script to change these settings. Something along the lines oh launching cmd.exe as the screen saver (login.scr) and since the screen saver laucnches as a system process the attacker would have "admin rights" will in the command propmt. Havent confirmed that via a reliable source but I am still looking into as to why this isnt working.

 

[evelmunkey]

Try altering the same settings under this instead.....

[HKEY_CURRENT_USER\Control Panel\Desktop]

I know that it shouldnt make a difference but just to test.

Also, this key may not exist on XP. I am at work and this machine is locked down like fort knox so I cant verify. I am just going by what I read.

 

[htcs]

Ah, thanks for that.

I changed the keys in \HKEY_CURRENT_USER\Control Panel\Desktop and it seems to have successfully entered ok. I verified by looking at the screen saver time out, monitor power off time and password protection on screen saver. They were all modified to what was specified in the reg. file.


Thanks... this may not work for the login screen, but it works while they're logged on!

Thanks again.

 

[evelmunkey]

IF that worked, I am confident in saying that the other way was most like disabled due to the attack I mentioned earlier.

 

[htcs]

Thanks for the help - thanks to your suggestion i've been able to change many other options this way. You ROCK!